The present invention relates generally to network security in a distributed network or between networks, and more particularly to an internetwork authentication method which is capable of intermediate authentication as well as authentication of fragmented data regardless of the network protocol.
Historically, most networking protocols and architectures have not included solid authentication or confidentiality mechanisms. The MIT Athena project has been the exception to this rule with its development of the Kerberos authentication system. This system is beginning to be implemented at some sites and some workstation manufacturers are considering implementing Kerberos in their standard OS releases, but the overwhelming majority of networked sites have no authentication or confidentiality mechanisms in their network architectures. The ISO (International Standards Organization) OSI (Open Standards Interconnection) suite provides for confidentiality services in the upper layers but does not require authentication of any of the lower layer protocols. These lower layer protocols have a number of security problems in protocols commonly used in the internet and have certain limitations intrinsic to the Kerberos protocols. The security issues in the ISO OSI suite appear to have gotten less attention than in the Internet suite because the Internet suite is more widely implemented at present.
Recently, the Internet Engineering Task Force has begun to incorporate authentication and confidentiality mechanisms in some protocols, notably the Simple Network Management Protocol (referred to as "SNMP") and Privacy Enhanced Mail. A few other recent protocol specifications, such as for the Border Gateway Protocol (referred to as "BGP") and Open Shortest Path First (referred to as "OSPF") routing protocols provide hooks for authentication to be added later but do not define or mandate any real authentication mechanism. The BGP version 3 specification explicitly states that the definition of authentication mechanisms other than the default "no authentication" option are out of the scope of the specification. Similarly, the OSPF version 2 specification asserts that "OSPF also provides for the authentication of routing updates, . . . " when in fact the only authentication mechanisms specified are "no authentication" or "cleartext password." Overall, there is no fundamental systemic security architecture in the Internet protocol suite at present.
Bellovin, in his article entitled "Security Problems in the TCP/IP Protocol Suite" ACM Computer Communications Review, Vol. 19, No. 2 (April 1989), pp. 32-48 identifies that there are security flaws in the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite because hosts rely on IP source address for authentication and also because routing protocols have minimal to no authentication. The Bellovin article is incorporated herein by reference. Similarly, the ISO protocol has not paid sufficient attention to building security mechanisms into the network, transport, or routing protocols.
Some proposed computer security policies, such as Clark-Wilson, are not practical to implement using current network protocols, which rely on datagram fragmentation, unless intermediate authentication is provided. For a discussion of such policies, see D. D. Clark and D. R. Wilson, "A Comparison of Commercial and Military Computer Security Policies," Proceedings of the 1987 IEEE Symposium on Security & Privacy, IEEE Computer Society, Oakland, Calif. (1987), which is incorporated herein by reference.
Aside from concerns about attacks, there is recently much interest in implementing policy-based routing, network usage accounting, and network auditing. None of these may be dependably implemented unless the network protocol headers may be authenticated by routers as well as the end hosts. If there is no intermediate authentication, then it is straight forward to spoof policy-based routing and to cause others to pay for one's network traffic. Without authentication, auditing cannot yield meaningful results. It is clear that network protocol header authentication is essential for both existing and future services.
Thus, there is a need for providing intermediate authentication in networking. By being able to authenticate a packet while in route, the possibility of host masquerading and network attacks are reduced. Additionally, policy-based routing, network usage accounting, and network auditing may be implemented.